feat: consolidation for harbor

- dev-docker-registry-01 -> dev-harbor-01
- qa-docker-registry-01 -> qa-harbor-01
master
Sven Ketelsen 4 years ago
parent d1b41daa87
commit 44c7509e11

@ -79,9 +79,9 @@ after it, you are able to exec some ansbible-runs like:
if everything works fine, plz push the created docker container with: if everything works fine, plz push the created docker container with:
docker login dev-docker-registry-01.smardigo.digital docker login dev-harbor-01.smardigo.digital
docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee

@ -1,6 +1,6 @@
# Execution Environment for AWX # Execution Environment for AWX
ansible-builder build --tag dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest ansible-builder build --tag dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker login dev-docker-registry-01.smardigo.digital docker login dev-harbor-01.smardigo.digital
docker tag XXXXXXXX dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee:latest docker tag XXXXXXXX dev-harbor-01.smardigo.digital/awx/awx-custom-ee:latest
docker push dev-docker-registry-01.smardigo.digital/awx/awx-custom-ee docker push dev-harbor-01.smardigo.digital/awx/awx-custom-ee

@ -48,7 +48,7 @@ tasks:
registry: docker.dev-at.de registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target: target:
registry: dev-docker-registry-01.smardigo.digital registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
# 'mappings' is a list of 'from':'to' pairs that define mappings of image # 'mappings' is a list of 'from':'to' pairs that define mappings of image
@ -84,7 +84,7 @@ tasks:
registry: docker.dev-at.de registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target: target:
registry: dev-docker-registry-01.smardigo.digital registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
mappings: mappings:
- from: smardigo/sensw-app - from: smardigo/sensw-app
@ -107,7 +107,7 @@ tasks:
registry: docker.dev-at.de registry: docker.dev-at.de
auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg== auth: eyJ1c2VybmFtZSI6ImFkbWluIiwicGFzc3dvcmQiOiJRNHB6aWhWRFl3eUthZEM3NmxiNCJ9Cg==
target: target:
registry: dev-docker-registry-01.smardigo.digital registry: dev-harbor-01.smardigo.digital
auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K auth: eyJ1c2VybmFtZSI6InJvYm90JGFuc2libGUiLCJwYXNzd29yZCI6IlAwRmJkb2tSc3V0V2lvVWl2cmI5TzVET05HY2FHNk1KIn0K
mappings: mappings:
- from: smardigo/ssp-connect-app - from: smardigo/ssp-connect-app
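Review bot: The `auth:` values kept next to both `registry:` entries in all three hunks of this file are base64-encoded JSON holding a registry username and password, so anyone with read access to the repository can recover them; base64 is an encoding, not protection. This commit points the target at the new Harbor host but carries the same target credential over unchanged. Both credentials should be rotated, since they remain in git history, and the file should take them from the encrypted vault instead, e.g. by rendering it as a template with `auth: "{{ <vault_variable> }}"` (placeholder name). The enclosing `tasks:` entries start and end outside the hunks.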

@ -119,11 +119,11 @@ docker_compose_path: "/usr/bin/docker-compose"
service_base_path: '/etc/smardigo' service_base_path: '/etc/smardigo'
# TODO we need a company email addresses # TODO we need a company email addresses
gitea_admin_email: "sven.ketelsen@netgo.de" gitea_admin_email: "nso.devops@netgo.de"
lets_encrypt_email: "sven.ketelsen@netgo.de" lets_encrypt_email: "nso.devops@netgo.de"
docker_admin_email: "sven.ketelsen@netgo.de" docker_admin_email: "nso.devops@netgo.de"
connect_admin_email: "sven.ketelsen@netgo.de" connect_admin_email: "nso.devops@netgo.de"
keycloak_admin_email: "sven.ketelsen@netgo.de" keycloak_admin_email: "nso.devops@netgo.de"
http_port: "80" http_port: "80"
https_port: "443" https_port: "443"

@ -34,18 +34,18 @@ keycloak: {
], ],
clients: [ clients: [
{ {
clientId: '{{ docker_registry_oidc_client_id }}', clientId: '{{ harbor_oidc_client_id }}',
name: '{{ docker_registry_oidc_client_id }}', name: '{{ harbor_oidc_client_id }}',
admin_url: '', admin_url: '',
root_url: '', root_url: '',
redirect_uris: ' redirect_uris: '
[ [
"{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}/*", "{{ http_s }}://{{ shared_service_harbor_hostname }}/*",
]', ]',
secret: '{{ docker_registry_oidc_client_secret }}', secret: '{{ harbor_oidc_client_secret }}',
web_origins: ' web_origins: '
[ [
"{{ http_s }}://{{ stage }}-docker-registry-01.{{ domain }}", "{{ http_s }}://{{ shared_service_harbor_hostname }}",
]', ]',
} }
] ]
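Review bot: The client's `redirect_uris` entry still ends in `/*`, so Keycloak will accept any path on the Harbor host as a redirect target. Since this commit already rewrites that line, it could be narrowed to Harbor's OIDC callback, `"{{ http_s }}://{{ shared_service_harbor_hostname }}/c/oidc/callback"`. `{{ http_s }}` is defined outside this hunk; if it can render to `http`, the redirect URI and web origin would be registered over cleartext, which is worth ruling out for this client. The `keycloak` mapping starts and ends outside the hunk.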

@ -2,7 +2,7 @@
hetzner_server_type: cx21 hetzner_server_type: cx21
connect_image_version: "latest" connect_image_version: "8.5.8"
connect_admin_username: "{{ management_admin_username }}" connect_admin_username: "{{ management_admin_username }}"
connect_admin_password: "{{ management_admin_password }}" connect_admin_password: "{{ management_admin_password }}"

@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_docker_ip: "{{ stage_server_infos shared_service_harbor_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-docker-registry-01' ) | selectattr('name', 'match', stage + '-harbor-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
| list | list
| first | first
@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
@ -191,8 +191,8 @@ shared_service_hosts: [
name: "{{ shared_service_postgres_01_hostname }}" name: "{{ shared_service_postgres_01_hostname }}"
}, },
{ {
ip: "{{ shared_service_docker_ip }}", ip: "{{ shared_service_harbor_ip }}",
name: "{{ shared_service_docker_registry_hostname }}" name: "{{ shared_service_harbor_hostname }}"
}, },
{ {
ip: "{{ shared_service_mail_ip }}", ip: "{{ shared_service_mail_ip }}",
@ -259,12 +259,12 @@ elastic_stack_network: {
dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", dev-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
} }
docker_registry_oidc_realm: "docker" harbor_oidc_realm: "docker"
docker_registry_oidc_client_id: "docker-registry" harbor_oidc_client_id: "harbor"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "latest" connect_image_version: "8.5.8"
iam_image_version: "latest" iam_image_version: "latest"
management_oidc_realm: "management" management_oidc_realm: "management"
@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}"
harbor_admin_password: "{{ harbor_admin_password_vault }}" harbor_admin_password: "{{ harbor_admin_password_vault }}"
harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
docker_registry_username: "{{ docker_registry_username_vault }}" harbor_username: "{{ docker_registry_username_vault }}"
docker_registry_token: "{{ docker_registry_token_vault }}" harbor_token: "{{ docker_registry_token_vault }}"
elastic_admin_username: "{{ elastic_admin_username_vault }}" elastic_admin_username: "{{ elastic_admin_username_vault }}"
elastic_admin_password: "{{ elastic_admin_password_vault }}" elastic_admin_password: "{{ elastic_admin_password_vault }}"
@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"
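Review bot: The renamed variables `harbor_username`, `harbor_token` and `harbor_oidc_client_secret` still read from `docker_registry_username_vault`, `docker_registry_token_vault` and `docker_registry_oidc_client_secret_vault`, so the old registry's secrets appear to be carried over to Harbor under new names rather than issued fresh. If the old registry host is being retired, rotating these values and renaming the vault keys to match (for example `harbor_token: "{{ harbor_token_vault }}"`, a suggested name) would keep each secret's scope clear. The vault file in this commit is encrypted, so whether that was done there cannot be seen from the diff. The same applies to the identical hunks in the qa variables section further down.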

@ -28,8 +28,8 @@ shared_service_logstash_01: "{{ stage_server_infos
| list | list
| first | first
| default('-') }}" | default('-') }}"
shared_service_docker_ip: "{{ stage_server_infos shared_service_harbor_ip: "{{ stage_server_infos
| selectattr('name', 'match', stage + '-docker-registry-01' ) | selectattr('name', 'match', stage + '-harbor-01' )
| map(attribute='private_ip') | map(attribute='private_ip')
| list | list
| first | first
@ -155,7 +155,7 @@ shared_service_kube_prometheus_hostname: "{{ stage }}-kube-prometheus.{{ domain
shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}" shared_service_pdns_hostname: "{{ stage }}-pdns-01.{{ domain }}"
shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}" shared_service_webdav_hostname: "{{ stage }}-webdav-01.{{ domain }}"
shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}" shared_service_keycloak_hostname: "{{ stage }}-keycloak-01.{{ domain }}"
shared_service_docker_registry_hostname: "{{ stage }}-docker-registry-01.{{ domain }}" shared_service_harbor_hostname: "{{ stage }}-harbor-01.{{ domain }}"
management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}" management_service_connect_hostname: "{{ stage }}-management-01-connect.{{ domain }}"
@ -191,8 +191,8 @@ shared_service_hosts: [
name: "{{ shared_service_postgres_01_hostname }}" name: "{{ shared_service_postgres_01_hostname }}"
}, },
{ {
ip: "{{ shared_service_docker_ip }}", ip: "{{ shared_service_harbor_ip }}",
name: "{{ shared_service_docker_registry_hostname }}" name: "{{ shared_service_harbor_hostname }}"
}, },
{ {
ip: "{{ shared_service_mail_ip }}", ip: "{{ shared_service_mail_ip }}",
@ -259,12 +259,12 @@ elastic_stack_network: {
qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}", qa-elastic-stack-elastic-03: "{{ shared_service_elastic_03 }}",
} }
docker_registry_oidc_realm: "docker" harbor_oidc_realm: "docker"
docker_registry_oidc_client_id: "docker-registry" harbor_oidc_client_id: "harbor"
postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'" postgres_listen_addresses: "listen_addresses = 'localhost,{{ stage_server_ip }},{{ stage_private_server_ip }}'"
connect_image_version: "latest" connect_image_version: "8.5.8"
iam_image_version: "latest" iam_image_version: "latest"
management_oidc_realm: "management" management_oidc_realm: "management"
@ -300,8 +300,8 @@ harbor_admin_username: "{{ harbor_admin_username_vault }}"
harbor_admin_password: "{{ harbor_admin_password_vault }}" harbor_admin_password: "{{ harbor_admin_password_vault }}"
harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}" harbor_postgresql_password: "{{ harbor_postgresql_password_vault }}"
docker_registry_username: "{{ docker_registry_username_vault }}" harbor_username: "{{ docker_registry_username_vault }}"
docker_registry_token: "{{ docker_registry_token_vault }}" harbor_token: "{{ docker_registry_token_vault }}"
elastic_admin_username: "{{ elastic_admin_username_vault }}" elastic_admin_username: "{{ elastic_admin_username_vault }}"
elastic_admin_password: "{{ elastic_admin_password_vault }}" elastic_admin_password: "{{ elastic_admin_password_vault }}"
@ -326,5 +326,5 @@ argocd_server_admin_password: "{{ argocd_server_admin_password_vault }}"
netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}" netgo_msteams_hook_alerting: "{{ netgo_msteams_hook_alerting_vault }}"
docker_registry_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}" harbor_oidc_client_secret: "{{ docker_registry_oidc_client_secret_vault }}"
management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}" management_oidc_client_secret: "{{ management_oidc_client_secret_vault }}"

@ -1,85 +1,82 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
63356234316338353566626562643535363235383432383961373931343331326564326661343736 39643163623762306538313033363736393930643464336238313265666231353662396663323237
3666366335386237363664333361393132376532373163320a356564393039336637623263376437 3639623961663831363065336335313636343839313034620a626330393237336265333738333132
38333365323231333264616432313736376332633064396363313261316331646338656638363633 32633461373037646166356563363365356631333431616662353633646637346561306331343163
3934373337306464630a333736623135613034666436313066643839333936646637616366316337 3130333631666165300a343830303464393337393939666637366630626331373763313730656262
63343561383066386237366335643634633439373961353332306264363930626362323932303834 65356531353331303635636330316164336532393262396636643630656664343439393631363561
33383365633036326232393430323561623631346539336331386365386132386237313839393534 30356635656664303563336134386531313365613030306539663964346262363739363731393932
66666463643739376665356439316435383135613166323736323434623337663733646662383939 34643266626338613236383031343336613039363062663437366162613235633666343364393839
66393966666237623538643966633566396232313530356335393730646439336661633935383632 34636630393632633037313931646330626163343066323965306230353230666433346664653731
65656634643064303937383261306636396435333136366661633462363766623831333635643834 65656438353434393864353334666564343030366234663862313830393333353239373033326363
62383130363237633935643035363538313035363830376161373239626662663335616362303966 63313231326637383164646266356337643734363339616133613562663033633363616137363131
36626162623138386430303138393138356431653635663437626532666330656135386336333164 32356138313134653533623865343066353061653363313738326164373734653532383632616536
39633462343538353534633065383132363261313164323763363634343631373630346531613532 33623834663130656630386138616233336165656438636534353836656135353339376665343934
37376331386335336161373132383834613835613266653130633231643239333437346563333966 38313530393762353733646232386533663264663038326530323533396239393731336638666239
36393536633165396637653534346231633662626334613432313032383631613164633566643433 36373033366135373139616636316562333931313138613136663136366538636638333431623562
37656134323365336562396238383062656161386262623831366135343532303436633265396534 39303032336165623066373431343438333964623636636666376437666239373164303430333464
66653166633864653338613231633661366338323865316663313961373664643166656338666265 30356466313661383837393164393539616133396564636565373865363962356230353562346138
37333763626238613432393564363936373263663436633330366161653139386437326636653264 65633030373339626262643066396432653535613731306130383763333434343539326339653831
63366461663064306561363134333734363336353736613336613032633065323238306461633266 35616265316533653834336138316530353338616337333964363061343731373836353731656535
33663439336664303565646332666239373234393561393137323537646234306564613438373834 30613638656265633334393035633435623666373033393538313338383964363638626438373731
36653566616364663835666230373738643035383835396235653236643038646130356339383963 61313561656664616631653134623965336263323463666433346561646435346330323935643861
35633837376635303235653866313530353761626366353435336135623863666231636663656163 31386662393637363733376566663666373332343437643630616663376235376436613861313931
33326664343732623363663466613936346636633163653330643532303434336265393064346631 38626562656333343365353461383132353636666162663836633831643335663766643433323038
38613464383834316239633336313131653132653433633062666563396136623236656337646563 35613332353639343339363865663236333336386238306534343065343430346236323865383637
39666535356530373632633835646635396663343562303561656134316233646439633130663730 38363039346461613564653734303839633631386632386230636232656462373963326366306464
66363565623461393835656437626661643263353237636132363664646434623066343566643065 66303233613765343262346237666362613362326635663831626238633936656438623737333966
66346334613866623636353365663933653439323162646137376361356238336563376338663861 36636539343536366335303235313966306666343537626462343331653534386537653530613939
37393362616361303365636132666562346638616439643435363430636435313161386336343233 39343331613639316237306362633261646161333231643532346430313134636664663732383161
62303630623231623466383533353961383835613333636266343531623766316462643539663833 61643766396463636334323031346433393362323165346435383366356263623030623334356331
63353830363564386536383866633530646636323234353962353861333939323138623430303165 39323032323562336135353166656163626439613166373532366439643634346336633436323035
33636436313932326162356363346130383433353466326133336161653865653565363861393835 37646334346131313034623233323032616566383261303632653262646565343330363934313939
35646238336161613463343362303861336366613065366231313032636664653837663237383230 30343632333465373939376530636466666134666333363431353761316164363465336138373866
35356339656332353130343137616562356362353765653865396336306532663833356633643630 35633866323230326462343264666266363965383734313066643733613231656463326166343635
38633639326535643665303630323235356534626633383838343962613963353339393638386265 37633237636134623836363739356331623933613363636238653633363462626336373761353433
36396237366331643866356361376534386532333134623965343637313835663635383934663838 66623361326464643534636438393763396363343038353833353339656338313731326432393134
30653935316633326265633833616432323761643730326265313638623835666663666466306339 61633533663161373161373165326634363736383965383230626461646539623163646532356237
38303161363935643936663865636230626533616337386665646363623666356532646237393261 63613838616436626462666561376434366365633239643933386232653265396363383666376137
30313938633361613364306138376339306561393937663831303233323731383666653936613939 38636263646561363933626366623263313331353932393636343936376164393265646165633130
34633863353834376463356630336233383837313538643161626439613939346334396533396466 39363764626238643432646338353534323737663361303336376463306439383461366232393533
37643333393063613666646438363033333937383262616334376266306234313861656663653034 30633533333937313338343630326632373831333562633634356366376535303932663361633165
36303436356261333135313030653931653239363031396130373431646363653035353461373537 65626237363332313830393231373537343561633233616462626561333563306431316238616364
61303765393831396337363033356535313433623539626433363634343637336564613338363138 32653363383438303232346561353266646536316632353531616436396636346166376530383563
33663937643732336231313462623163386264383436306435643235306133316336376236393330 66396330303465626239653637323539376261373831616439363864376430396530636430623330
31643833376261363863666638623130393531363938393064643463316566326637633965666337 35323165663366653961303732336239656265383361343839663332616161663137373939383664
31616238376235343238336236396234643666346431356232616461343138613534653538326131 37383731653034336336656165386265613937636434393964643266613233663663383034616261
36313866303733666534326332366338353337333531663036646566376462363461393038333766 30613666343034343134343332306363666339643838316639373334376132666632346438656164
30633030333732613732633836386530313065633164623131326433636635393838663666373163 36326364383731366138636131346165653737383965323166393633623764613063623338636237
38623237373962393336663330666133326261383162303130303464366462366261366436396534 38363033663634376632346539623938323261313235616531393466623039616639616430663737
36373865616335626664333164663538366162333366386232323566303237396266626539313333 38303537346636373665386539653565313632356233333031656434633766376139346361373639
34313731653261613138333738643462373931393561646131653931333865386434656637633134 63313063353465316434303866643639313030326363383135303536623662326261353831326537
64646462623966356134626431376636613864343538373264623436336236623031313033383763 33616234333836376631326133356564616563623334373037333161333933323333386662303239
62346534643938323565393866333035636535376461316336356531306439666633356261393135 37316238656436396266663066393431646464333162343833303132383862616237383637303131
62653862373731393934363338633434376430313063356666376438383032353935363132313239 34386630643637316636373564636261626130643963643632343334373630356539303332333730
30386263633333323862323832333561386439616463363365653230373838326137353830373336 38643866356261383738633861373138653835373632666533366432383436383431653433636434
30653635353166356463643038303335633839326430666632366237363233376334333334623839 33623966633261383164633836336466336431666161346232333765663264333265666163303137
39306636323435613039633738306364386366623435333263303139376236356130636566343764 66623066363861656366663033336330613066356534663963396337623664383031663630353638
30666230376532336539326538646331353638653766656365656662383538626138656231633231 35626563653761386332383539626539633134396538313564303636343864306233653636656133
64303461613161323230306131323434633632306661666133643330323066373131376466373536 31336330383039353238346137633835643134656132353463666535393862383962626632336566
62346434323863343530613663656538366463373432653562333238613563323434626236353363 33616533356331386631343937303636383237613035376265316239623864356434386130353233
63656464376331653835643533313162656665386163636236333963363835376464306230316339 31393266363236356635613731303463626161663732326231386430393135623735386562323634
33386464656637633339666665383933613239353130386533643632363936366564636666616166 62303163313730336464313362336366396664666136376230386332656534383631636534656337
32626539623661666564313761363631343439326265393633306138373362323330333063643632 33333039356531336266303231613235396633323837613438303935356134626235623966316635
61396565333365663031316566306334646162303361346466336635336134353835353537613939 32353034326566353461386461663339313232653031383630376562346531633764396135646535
36353662373666653036366434323063346634653431396630396665623334636266326565643435 63613834616333373462386333656633623139643531313130623237383437356431613136376432
31666134396363663833303936623630623634356334633762623739666365613034366536356264 33643963313036663835396531663930643932303563386430633962346565653138366264363234
35353963643339636638306463363137646132366561666164373735336635373464616361613036 64333134336161333563333830313333343037656533303261393839343163303535313830653938
33393138663730343865386531303462616535663363653034396234376130613133613165333466 36306638653133633038323662333138663233366661646135643663396332386639316265346664
39303132323037366262363865313334663662396365393730316132366564633131356230306531 30333234313731303265356539373066326238623234326633376136326361633734316335313639
30333565333762323836663538623539326364646333376565616636333231396664663364666465 32643038363163366232656536386336643661636431643639373732623335303366363130383961
30303166393231393831373837383333653465643135323664346432353434653436326266343730 38306163626336613438366335303464306238663966313439656534383430623036316237356138
35643633646233363434393936343362636563316433663434306434356563616666626132363463 61633766306336386438373037366637313031333132653935326564346531663430656632393334
65323638646131383337316430393435383930393863383066373232313531313039616564353662 61383461366539613462646162656333663536343339323639613466353133313364326236313764
38323136343138366633643535323035376239383466633664323662326565613734636136343233 33383938613262343564663339366165633362323432663961666666393561346639656639306335
35653663633166653264363562666533323035306539666362363566633732363233613366303736 64633230623164323432323534386637336433643164326336396462383134633533306630366234
64356666326533626662393633653438643938343734663536653365346464306432323137386433 64643563623966333632656137373865306365663633386466643530383761323332613665663731
32366235303539363031636364333037343137333230383239626663326535313139663139613434 37393234333231326235656636376132326530363730353231386262383262366565383539383034
66633630333335366165356534303333373739653431643335333837306533313263333762626431 66346434353562303033346536393762343363643635346332623366396265393264343130333864
33383938623336663236646362616231663462303533333639303835356233663035613034303264 33616665376139356534633964623536636430346631313161313839313433326639376663326534
31383938393530376665373066623462663366643864646538623162326538313837623832616339 34363536393065353832323761643830303764356363363136346331383363383437306431663739
38323861653832386365613333303430383065323330666565343264353465306231303935363762 61333663313164346634633236373464303439663365336265653332306365626136666563326664
38303263623339326433333566313134623735366366656465643766663664343663326261373130 38313665653464313266373435303433636636666539396535316539363733366365663137356161
65366137626464656633376536346561633266343735363262326362353061323838383536643761 36383136333834613466323837666564663066646330303266633465386634396134
63666331313362626232656237303564613734643034623330656235656234613033336662306230
37626535653235353862626264373039343132646538306638666635623531623235633665643533
36633333653566656163

@ -275,33 +275,33 @@
tags: tags:
- awx_config - awx_config
- name: "Search <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>" - name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
include_tasks: awx-config-get-typ-id.yml include_tasks: awx-config-get-typ-id.yml
vars: vars:
awx_rest_api_type: credentials awx_rest_api_type: credentials
awx_search_key: name awx_search_key: name
awx_search_name: "{{ shared_service_docker_registry_hostname }}" awx_search_name: "{{ shared_service_harbor_hostname }}"
tags: tags:
- awx_config - awx_config
- name: "Update awx_credential_docker_registry_id" - name: "Update awx_credential_harbor_id"
set_fact: set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}" awx_credential_harbor_id: "{{ awx_type_id }}"
when: when:
- awx_type_id != "None" - awx_type_id != "None"
tags: tags:
- awx_config - awx_config
- name: "Add <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>" - name: "Add <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
vars: vars:
name: "{{ shared_service_docker_registry_hostname }}" name: "{{ shared_service_harbor_hostname }}"
description: "{{ shared_service_docker_registry_hostname }}" description: "{{ shared_service_harbor_hostname }}"
user_id: "{{ ansible_awx_user_id }}" user_id: "{{ ansible_awx_user_id }}"
credential_type_id: "{{ awx_credential_type_container_registry_id }}" credential_type_id: "{{ awx_credential_type_container_registry_id }}"
credential_type_name: "Container Registry" credential_type_name: "Container Registry"
host: "{{ shared_service_docker_registry_hostname }}" host: "{{ shared_service_harbor_hostname }}"
username: "{{ docker_registry_username }}" username: "{{ harbor_username }}"
password: "{{ docker_registry_token }}" password: "{{ harbor_token }}"
uri: uri:
url: "{{ awx_base_url }}/api/v2/credentials/" url: "{{ awx_base_url }}/api/v2/credentials/"
method: POST method: POST
@ -317,23 +317,23 @@
status_code: 201 status_code: 201
register: response register: response
changed_when: response.status == 201 changed_when: response.status == 201
when: awx_credential_docker_registry_id is not defined when: awx_credential_harbor_id is not defined
tags: tags:
- awx_config - awx_config
- name: "Search <Container Registry> credentials <{{ shared_service_docker_registry_hostname }}>" - name: "Search <Container Registry> credentials <{{ shared_service_harbor_hostname }}>"
include_tasks: awx-config-get-typ-id.yml include_tasks: awx-config-get-typ-id.yml
vars: vars:
awx_rest_api_type: credentials awx_rest_api_type: credentials
awx_search_key: name awx_search_key: name
awx_search_name: "{{ shared_service_docker_registry_hostname }}" awx_search_name: "{{ shared_service_harbor_hostname }}"
when: awx_credential_docker_registry_id is not defined when: awx_credential_harbor_id is not defined
tags: tags:
- awx_config - awx_config
- name: "Update awx_credential_docker_registry_id" - name: "Update awx_credential_harbor_id"
set_fact: set_fact:
awx_credential_docker_registry_id: "{{ awx_type_id }}" awx_credential_harbor_id: "{{ awx_type_id }}"
when: when:
- awx_type_id != "None" - awx_type_id != "None"
tags: tags:
@ -367,8 +367,8 @@
vars: vars:
name: "hetzner-ansible" name: "hetzner-ansible"
description: "hetzner-ansible" description: "hetzner-ansible"
image: "{{ shared_service_docker_registry_hostname }}/awx/awx-custom-ee" image: "{{ shared_service_harbor_hostname }}/awx/awx-custom-ee"
credential: "{{ awx_credential_docker_registry_id }}" credential: "{{ awx_credential_harbor_id }}"
pull: "always" pull: "always"
uri: uri:
url: "{{ awx_base_url }}/api/v2/execution_environments/" url: "{{ awx_base_url }}/api/v2/execution_environments/"
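Review bot: The "Add <Container Registry> credentials" task passes `password: "{{ harbor_token }}"` into a `uri` POST, and no `no_log: true` is visible in either hunk. The rest of the task lies between the first and second hunk and is not shown, so this needs checking there. Without it the token can end up in task output on a verbose run or a failed request; adding `no_log: true` to that task avoids this. Because the credential is looked up by name and the name changes to `{{ shared_service_harbor_hostname }}`, an existing AWX credential named after the old registry host is presumably left in place and should be removed once nothing uses it.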

@ -1,7 +1,7 @@
{ {
"auths": { "auths": {
"{{ shared_service_docker_registry_hostname }}": { "{{ shared_service_harbor_hostname }}": {
"auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}" "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}"
} }
} }
} }
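Review bot: The `auth` value is only the base64 of `harbor_username:harbor_token`, so the rendered file is a plaintext-equivalent secret on disk. The task that renders this template is outside the diff; it should write the file with `mode: "0600"` and set `no_log: true` (or `diff: false`) so the token does not appear in change output. The `| string` after `join(":")` looks redundant, since `join` already yields a string.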

@ -1,4 +1,4 @@
--- ---
wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress" wordpress_image_name: "{{ shared_service_harbor_hostname }}/smardigo/wordpress"
wordpress_image_version: '1.3.1' wordpress_image_version: '1.3.1'

@ -1,7 +1,6 @@
--- ---
connect_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/connect-whitelabel-app" connect_image_name: "{{ shared_service_harbor_hostname }}/smardigo/connect-whitelabel-app"
connect_image_version: 'latest'
# TODO inject by management portal # TODO inject by management portal
connect_admin_username: "connect-admin" connect_admin_username: "connect-admin"

@ -5,10 +5,7 @@ harbor_version: v2.4.1
harbor_hostname: '{{ stage_server_domain }}' harbor_hostname: '{{ stage_server_domain }}'
harbor_external_url: 'https://{{ stage_server_domain }}' harbor_external_url: 'https://{{ stage_server_domain }}'
harbor_admin_username: '{{ harbor_admin_username_vault }}' harbor_id: '{{ inventory_hostname }}-harbor'
harbor_admin_password: '{{ harbor_admin_password_vault }}'
traefik_id: '{{ inventory_hostname }}-harbor'
harbor_dockercompose_customized: harbor_dockercompose_customized:
services: services:
@ -23,20 +20,20 @@ harbor_dockercompose_customized:
ports: [] # not exposing ports - already used by traefik ports: [] # not exposing ports - already used by traefik
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.http.middlewares.{{ traefik_id }}.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.{{ harbor_id }}.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ traefik_id }}.service={{ traefik_id }}" - "traefik.http.routers.{{ harbor_id }}.service={{ harbor_id }}"
- "traefik.http.routers.{{ traefik_id }}.rule=Host(`{{ harbor_hostname }}`)" - "traefik.http.routers.{{ harbor_id }}.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ traefik_id }}.entrypoints=websecure" - "traefik.http.routers.{{ harbor_id }}.entrypoints=websecure"
- "traefik.http.routers.{{ traefik_id }}.tls=true" - "traefik.http.routers.{{ harbor_id }}.tls=true"
- "traefik.http.routers.{{ traefik_id }}.tls.certresolver=letsencrypt" - "traefik.http.routers.{{ harbor_id }}.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ traefik_id }}.loadbalancer.server.port=8080" - "traefik.http.services.{{ harbor_id }}.loadbalancer.server.port=8080"
- "traefik.http.middlewares.{{ traefik_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https" - "traefik.http.middlewares.{{ harbor_id }}-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.{{ traefik_id }}-monitor.service={{ traefik_id }}-monitor" - "traefik.http.routers.{{ harbor_id }}-monitor.service={{ harbor_id }}-monitor"
- "traefik.http.routers.{{ traefik_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)" - "traefik.http.routers.{{ harbor_id }}-monitor.rule=Host(`{{ harbor_hostname }}`)"
- "traefik.http.routers.{{ traefik_id }}-monitor.entrypoints=monitoring-harbor" - "traefik.http.routers.{{ harbor_id }}-monitor.entrypoints=monitoring-harbor"
- "traefik.http.routers.{{ traefik_id }}-monitor.tls=true" - "traefik.http.routers.{{ harbor_id }}-monitor.tls=true"
- "traefik.http.routers.{{ traefik_id }}-monitor.tls.certresolver=letsencrypt" - "traefik.http.routers.{{ harbor_id }}-monitor.tls.certresolver=letsencrypt"
- "traefik.http.services.{{ traefik_id }}-monitor.loadbalancer.server.port=9090" - "traefik.http.services.{{ harbor_id }}-monitor.loadbalancer.server.port=9090"
networks: networks:
front-tier: front-tier:
external: true external: true
@ -44,14 +41,14 @@ harbor_dockercompose_customized:
harbor_base_configuration: harbor_base_configuration:
email_host: '{{ shared_service_mail_hostname }}' email_host: '{{ shared_service_mail_hostname }}'
email_port: 25 email_port: 25
email_from: '{{ ansible_fqdn }}@{{ shared_service_mail_hostname }}' email_from: '{{ harbor_id }}@{{ domain }}'
email_password: '' email_password: ''
email_username: '' email_username: ''
email_insecure: true email_insecure: true
auth_mode: oidc_auth auth_mode: oidc_auth
oidc_name: docker oidc_name: "{{ harbor_oidc_realm }}"
oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker' oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/docker'
oidc_client_id: docker-registry oidc_client_id: "{{ harbor_oidc_client_id }}"
oidc_groups_claim: groups oidc_groups_claim: groups
oidc_scope: openid oidc_scope: openid
oidc_verify_cert: true oidc_verify_cert: true
@ -87,7 +84,7 @@ harbor_robot_tokens:
name: ansible name: ansible
level: system level: system
description: 'smardigo docker pull credentials' description: 'smardigo docker pull credentials'
secret: '{{ docker_registry_token }}' secret: '{{ harbor_token }}'
disable: false disable: false
duration: -1 duration: -1
editable: true editable: true
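Review bot: `oidc_endpoint` in the `harbor_base_configuration` hunk still ends in the literal `/auth/realms/docker`, while `oidc_name` and `oidc_client_id` on the neighbouring lines now come from `harbor_oidc_realm` and `harbor_oidc_client_id`. If `harbor_oidc_realm` is ever set to something other than `docker`, Harbor would be pointed at a different issuer than the one the variables describe. I would derive the endpoint from the same variable: `oidc_endpoint: 'https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ harbor_oidc_realm }}'`. Both new variables are defined outside this section, so their defaults need checking as well.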

@ -1,56 +1,19 @@
--- ---
- name: "harbor BASE settings" #- name: "harbor BASE settings"
block: # block:
- name: "BLOCK: Login with keycloak-admin" # - set_fact:
include_role: # harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'
name: keycloak
tasks_from: _authenticate # - name: "BLOCK: Configure harbor BASE settings"
# include_tasks: configure_base_config.yml
- name: "GET available clients from <<{{ harbor_base_configuration.oidc_name }}>>-realm" # vars:
delegate_to: localhost # base_configuration: '{{ harbor_base_configuration_merged }}'
become: False # args:
uri: # apply:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients" # tags:
method: GET # - harbor-configure-base
headers: ## end of block for base settings
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: realm_clients
# available clients: get needed ID
- set_fact:
id_of_client: '{{ ( realm_clients.json | selectattr("clientId","equalto", harbor_base_configuration.oidc_client_id ) | first ).id }}'
- name: "BLOCK: GET client-secret for client <<{{ harbor_base_configuration.oidc_client_id }}>> in realm <<{{ harbor_base_configuration.oidc_name }}>>"
delegate_to: localhost
become: False
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients/{{ id_of_client }}/client-secret"
method: GET
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [200]
register: client_secret
- set_fact:
dict:
oidc_client_secret: '{{ client_secret.json.value }}'
- set_fact:
harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'
- name: "BLOCK: Configure harbor BASE settings"
include_tasks: configure_base_config.yml
vars:
base_configuration: '{{ harbor_base_configuration_merged }}'
args:
apply:
tags:
- harbor-configure-base
# end of block for base settings
- name: "Create object of templated harbor projects" - name: "Create object of templated harbor projects"
set_fact: set_fact:
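Review bot: The base-settings block is left behind as commented-out YAML that cannot simply be re-enabled, because the surviving `combine( dict ,recursive=True )` line refers to a `dict` fact that the dropped Keycloak lookup used to set. As far as this file shows, nothing applies `harbor_base_configuration` any more, so a freshly provisioned Harbor would presumably stay on its default authentication instead of `oidc_auth`; please confirm that it is applied elsewhere. I would delete the commented lines and leave one pointer in their place, `# base settings (OIDC) are not applied by this role; TODO name the place that applies them`. The commented-out `Update {{ inventory_hostname }}` task in the Keycloak tasks hunk further down is dead code of the same kind. The `Create object of templated harbor projects` task continues outside the hunk.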

@ -1,4 +1,4 @@
--- ---
iam_image_name: '{{ shared_service_docker_registry_hostname }}/smardigo/iam-app' iam_image_name: '{{ shared_service_harbor_hostname }}/smardigo/iam-app'
iam_image_version: 'latest' iam_image_version: 'latest'

@ -4,4 +4,4 @@
service_port_keycloak_external: "8110" service_port_keycloak_external: "8110"
keycloak_version: "14.0.0.1" keycloak_version: "14.0.0.1"
keycloak_image: "{{ shared_service_docker_registry_hostname }}/smardigo/keycloak" keycloak_image: "{{ shared_service_harbor_hostname }}/smardigo/keycloak"

@ -54,12 +54,12 @@
current_owner: "{{ docker_owner }}" current_owner: "{{ docker_owner }}"
current_group: "{{ docker_group }}" current_group: "{{ docker_group }}"
- name: "Update {{ inventory_hostname }}" #- name: "Update {{ inventory_hostname }}"
shell: docker-compose pull # shell: docker-compose pull
args: # args:
chdir: '{{ service_base_path }}/{{ inventory_hostname }}' # chdir: '{{ service_base_path }}/{{ inventory_hostname }}'
tags: # tags:
- update_deployment # - update_deployment
- name: "Start {{ inventory_hostname }}" - name: "Start {{ inventory_hostname }}"
shell: docker-compose up -d shell: docker-compose up -d
@ -169,12 +169,3 @@
tags: tags:
- create_groups - create_groups
- update_realms - update_realms
#- name: "Activate event listeners"
# shell: |
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD"
# docker exec {{ keycloak_id }} /bin/sh -c "/opt/jboss/keycloak/bin/kcadm.sh update events/config -s 'eventsEnabled=true' -s 'adminEventsEnabled=true' -s 'eventsListeners+=metrics-listener'"
# docker exec {{ keycloak_id }} /bin/sh -c "usr/bin/rm -f /opt/jboss/.keycloak/kcadm.config"
# tags:
# - update_deployment
# - configure_container

@ -57,7 +57,7 @@
"protocolMapper": "oidc-group-membership-mapper", "protocolMapper": "oidc-group-membership-mapper",
"consentRequired": false, "consentRequired": false,
"config": { "config": {
"full.path": "true", "full.path": "false",
"id.token.claim": "true", "id.token.claim": "true",
"access.token.claim": "true", "access.token.claim": "true",
"claim.name": "groups", "claim.name": "groups",

@ -106,7 +106,7 @@ k8s_argocd_helm__release_values:
hostAliases: hostAliases:
- ip: "{{ shared_service_docker_ip }}" - ip: "{{ shared_service_docker_ip }}"
hostnames: hostnames:
- "{{ shared_service_docker_registry_hostname }}" - "{{ shared_service_harbor_hostname }}"
- ip: "{{ shared_service_keycloak_ip }}" - ip: "{{ shared_service_keycloak_ip }}"
hostnames: hostnames:
- "{{ shared_service_keycloak_hostname }}" - "{{ shared_service_keycloak_hostname }}"

@ -1,4 +1,4 @@
--- ---
k8s_namespace: "default" k8s_namespace: "default"
k8s_docker_registry_key: "{{ stage }}-docker-registry-key" k8s_docker_registry_key: "{{ stage }}-harbor-key"

@ -1,7 +1,7 @@
{ {
"auths": { "auths": {
"{{ shared_service_docker_registry_hostname }}": { "{{ shared_service_harbor_hostname }}": {
"auth": "{{ [docker_registry_username, docker_registry_token] | join(":") | string | b64encode }}" "auth": "{{ [harbor_username, harbor_token] | join(":") | string | b64encode }}"
} }
} }
} }

@ -1,9 +1,9 @@
--- ---
pdns_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-authoritative" pdns_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-authoritative"
pdns_image_version: "1.0.0" pdns_image_version: "1.0.0"
pdns_recursor_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/pdns-recursor" pdns_recursor_image_name: "{{ shared_service_harbor_hostname }}/smardigo/pdns-recursor"
pdns_recursor_image_version: "1.0.0" pdns_recursor_image_version: "1.0.0"
pdns_admin_image_name: "ngoduykhanh/powerdns-admin" pdns_admin_image_name: "ngoduykhanh/powerdns-admin"

@ -1,4 +1,4 @@
--- ---
webdav_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/smardigo-webdav-app" webdav_image_name: "{{ shared_service_harbor_hostname }}/smardigo/smardigo-webdav-app"
webdav_image_version: "8.4.1" webdav_image_version: "8.4.1"

@ -7,7 +7,7 @@
# update-docker-image.sh qa smardigo sensw sensw-app latest # update-docker-image.sh qa smardigo sensw sensw-app latest
FROM="docker.dev-at.de/$2/$4:$5" FROM="docker.dev-at.de/$2/$4:$5"
TO="$1-docker-registry-01.smardigo.digital/$3/$4:$5" TO="$1-harbor-01.smardigo.digital/$3/$4:$5"
echo echo
echo updating $TO with image from $FROM echo updating $TO with image from $FROM

@ -16,7 +16,7 @@ dev-elastic-stack-elastic-03
dev-gitea-01 dev-gitea-01
[harbor] [harbor]
dev-docker-registry-01 dev-harbor-01
[iam] [iam]
dev-iam-01 dev-iam-01

@ -16,7 +16,7 @@ qa-elastic-stack-elastic-03
qa-gitea-01 qa-gitea-01
[harbor] [harbor]
qa-docker-registry-01 qa-harbor-01
[iam] [iam]
qa-iam-01 qa-iam-01

@ -1,375 +0,0 @@
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.3.0
container_name: harbor-log
restart: always
dns_search: .
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.3.0
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.3.0
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.3.0
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
dns_search: .
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.3.0
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
harbor:
harbor-chartmuseum:
aliases:
- harbor-core
dns_search: .
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "core"
extra_hosts:
- dev-keycloak-01.smardigo.digital:10.1.0.2
- dev-mail-01.smardigo.digital:10.2.0.2
portal:
image: goharbor/harbor-portal:v2.3.0
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.3.0
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
dns_search: .
depends_on:
- core
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.3.0
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
harbor-chartmuseum:
aliases:
- redis
dns_search: .
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.3.0
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
- front-tier
dns_search: .
# ports:
# - 80:8080
# - 9090:9090
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "proxy"
labels:
- "traefik.enable=true"
- "traefik.http.middlewares.dev-docker-registry-01-harbor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.dev-docker-registry-01-harbor.service=dev-docker-registry-01-harbor"
- "traefik.http.routers.dev-docker-registry-01-harbor.rule=Host(`dev-docker-registry-01.smardigo.digital`)"
- "traefik.http.routers.dev-docker-registry-01-harbor.entrypoints=websecure"
- "traefik.http.routers.dev-docker-registry-01-harbor.tls=true"
- "traefik.http.routers.dev-docker-registry-01-harbor.tls.certresolver=letsencrypt"
- "traefik.http.services.dev-docker-registry-01-harbor.loadbalancer.server.port=8080"
- "traefik.http.middlewares.dev-docker-registry-01-harbor-monitor.headers.customrequestheaders.X-Forwarded-Proto=https"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.service=dev-docker-registry-01-harbor-monitor"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.rule=Host(`dev-docker-registry-01.smardigo.digital`)"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.entrypoints=monitoring-harbor"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls=true"
- "traefik.http.routers.dev-docker-registry-01-harbor-monitor.tls.certresolver=letsencrypt"
- "traefik.http.services.dev-docker-registry-01-harbor-monitor.loadbalancer.server.port=9090"
trivy-adapter:
container_name: trivy-adapter
image: goharbor/trivy-adapter-photon:v2.3.0
restart: always
cap_drop:
- ALL
dns_search: .
depends_on:
- log
- redis
networks:
- harbor
volumes:
- type: bind
source: /data/trivy-adapter/trivy
target: /home/scanner/.cache/trivy
- type: bind
source: /data/trivy-adapter/reports
target: /home/scanner/.cache/reports
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "trivy-adapter"
env_file:
./common/config/trivy-adapter/env
chartmuseum:
container_name: chartmuseum
image: goharbor/chartmuseum-photon:v2.3.0
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
networks:
- harbor-chartmuseum
dns_search: .
depends_on:
- log
volumes:
- /data/chart_storage:/chart_storage:z
- ./common/config/chartserver:/etc/chartserver:z
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "chartmuseum"
env_file:
./common/config/chartserver/env
exporter:
image: goharbor/harbor-exporter:v2.3.0
container_name: harbor-exporter
env_file:
- ./common/config/exporter/env
restart: always
networks:
- harbor
dns_search: .
depends_on:
- core
- postgresql
volumes:
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "exporter"
networks:
harbor:
external: false
harbor-chartmuseum:
external: false
front-tier:
external: true